Puppet example: automating an LNMT (session_server) deployment

Lab environment and preparation

This lab uses four hosts, all running CentOS 7. The puppet and puppet-server packages are version 3.8.7-1.el7.noarch, and facter is version 2.4.6-1.el7.x86_64.

Because the cluster is small, the hosts identify each other's roles through entries in /etc/hosts. In a production environment with many hosts, an internal DNS server should be used instead.

  • Host IP addresses and role assignment
Hostname (short)  Hostname (FQDN)     IP address      Role
node1             node1.achudk.com    172.16.50.1     Master
node7             node7.achudk.com    172.16.50.7     Agent
node11            node11.achudk.com   172.16.50.11    Agent
node12            node12.achudk.com   172.16.50.12    Agent

Walkthrough

First, synchronise the clocks of all hosts.

  1. Make sure the hosts can resolve each other: edit /etc/hosts and distribute it to the other hosts
#edit the hosts file
vim /etc/hosts
#contents after editing
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.50.1     node1.achudk.com    node1
172.16.50.7     node7.achudk.com    node7
172.16.50.11    node11.achudk.com   node11
172.16.50.12    node12.achudk.com   node12
#distribute the hosts file to the other hosts and confirm
scp /etc/hosts root@172.16.50.7:/etc/
scp /etc/hosts root@172.16.50.11:/etc/
scp /etc/hosts root@172.16.50.12:/etc/
  2. Install the packages

    • Master node
yum install -y puppet-3.8.7-1.el7.noarch.rpm facter-2.4.6-1.el7.x86_64.rpm puppet-server-3.8.7-1.el7.noarch.rpm
    • Agent nodes
yum install -y puppet-3.8.7-1.el7.noarch.rpm facter-2.4.6-1.el7.x86_64.rpm
  3. Edit the configuration files

    • Master node
vim /etc/puppet/puppet.conf
#add the following entry to the [main] section to define the path of the deployment environments
environmentpath = $confdir/environments
#create the environment directories
mkdir -pv /etc/puppet/environments/{development,production,testing}/{manifests,modules}
    • Every Agent node
vim /etc/puppet/puppet.conf
#add the following entries to the [main] section
#listen on port 8139 so that configuration changes pushed from the Master are received promptly
listen = true
#hostname of the Master
server = node1.achudk.com
#deployment environment
environment = production

vim /etc/puppet/
#insert the following before the last two lines
#the allow entry names the Master's certname: only the Master, which runs "puppet kick", may trigger a run on this agent
path /run
method save
auth any
allow node1.achudk.com

#the last two lines already present in the file
path /
auth any
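The `/run` stanza is the security-sensitive part of this step: with `listen = true` every agent exposes port 8139, and the allow list decides who may trigger a run. The script below is an added example and not part of the original post. It audits an agent's auth.conf and accepts only a `/run` stanza whose allow list names the Master's certname (node1.achudk.com, taken from this lab as an assumption); a wildcard, a regex or any other host is reported. The three sample files it checks are constructed inline.

```shell
#!/bin/sh
# Added example (not code from the original post): audit the agent-side auth.conf.
# With "listen = true" every agent exposes port 8139; the "path /run" stanza decides
# who may trigger a run. The only acceptable entry is the Master's certname.
MASTER_CERTNAME="node1.achudk.com"   # assumption: the Master of this lab

# check_run_acl FILE
# Returns 0 if the "/run" stanza allows exactly the Master certname,
#         1 if it allows a wildcard, a regex or any other host,
#         2 if there is no "/run" stanza at all (the catch-all "path /" stanza then applies).
check_run_acl() {
    file="$1"
    # collect the names on "allow" lines between "path /run" and the next "path" directive;
    # allow lists may be comma separated, so commas are turned into field separators
    allowed=$(awk '
        $1 == "path"            { in_run = ($2 == "/run") }
        in_run && $1 == "allow" { gsub(/,/, " "); for (i = 2; i <= NF; i++) print $i }
    ' "$file")
    [ -n "$allowed" ] || return 2

    status=0
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        case "$host" in
            "$MASTER_CERTNAME") ;;                                    # expected entry
            *) echo "unexpected entry in /run allow list: $host" >&2; status=1 ;;
        esac
    done <<EOF
$allowed
EOF
    return $status
}

# write_samples DIR: constructed auth.conf fragments used for the stand-alone demo.
write_samples() {
    # good: only the Master may call /run
    cat > "$1/good.conf" <<'EOF'
path /run
method save
auth any
allow node1.achudk.com

path /
auth any
EOF
    # bad: the wildcard lets any certname trigger a run
    cat > "$1/bad.conf" <<'EOF'
path /run
method save
auth any
allow *, node1.achudk.com

path /
auth any
EOF
    # none: no /run stanza at all
    cat > "$1/none.conf" <<'EOF'
path /
auth any
EOF
}

if [ $# -eq 1 ]; then
    check_run_acl "$1"                  # real use: check_run_acl /etc/puppet/auth.conf
else
    tmp=$(mktemp -d)
    write_samples "$tmp"
    for f in good.conf bad.conf none.conf; do
        rc=0; check_run_acl "$tmp/$f" || rc=$?
        echo "$f -> rc=$rc"
    done
    rm -rf "$tmp"
fi
```

Run it with the path of an agent's auth.conf as the only argument; without arguments it runs over the constructed samples and prints the result code for each. The check only recognises a stanza written exactly as `path /run`; a regex path such as `path ~ ^/run` is not parsed.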
  4. Puppet secures its communication with HTTPS and uses mutual authentication between Master and Agent; configure that mutual authentication

    • Initialise the Master node: the program generates a private key and a self-signed CA automatically
#start the puppetmaster service and check port 8140
systemctl start puppetmaster
ss -tnl
    • Every Agent node

To watch the process in the foreground, run the puppet agent as a non-daemon:

puppet agent --server node1.achudk.com -d -v --no-daemonize
    • On the Master node, view the certificate requests sent by the Agent nodes and sign them

Usage of the puppet cert command:

puppet cert <action> [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] [--digest <digest>] [<host>]
    • View the requests and sign them
puppet cert list --all      #list all signed and unsigned requests; a single host can be queried as well
puppet cert sign --all      #this cluster sits on a private network isolated from the Internet, so --all is acceptable here; otherwise do not use --all and sign each host individually
    • After signing, list all certificates again and confirm that the requests from every host in this lab have been signed

Signed hosts are shown with a "+" in front

puppet cert list --all
#output:
+ "node11.achudk.com" (SHA256) 7F:E0:E7:2A:E3:2B:CA:8B:C0:F5:BA:D7:18:B9:8C:3A:F2:EB:AE:AB:E7:D6:9D:4B:D8:01:B0:B7:74:99:14:1C
+ "node12.achudk.com" (SHA256) 31:DB:00:DC:BC:4C:D7:16:0C:38:6F:D2:AA:9C:D7:9E:9D:59:6B:2C:36:6D:35:86:90:F0:C2:B8:12:CC:50:F9
+ "node7.achudk.com" (SHA256) 11:DB:AA:5A:CD:E4:A3:A2:F3:47:3D:78:61:2A:B8:FB:E5:6C:17:5F:D6:78:2D:FB:0C:99:13:09:F0:38:15:EC
+ "node1.achudk.com"  (SHA256) C8:4D:B4:91:08:C0:F3:A5:EF:03:CC:0A:C5:7C:53:E7:CC:21:C3:72:2B:66:0F:E5:13:06:A5:85:25:E4:0B:C0 (alt names: "DNS:node7.achudk.com", "DNS:puppet", "DNS:puppet.achudk.com")
    • Stop the foreground puppet agent process on the Agent nodes
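Signing with `--all` is only acceptable on an isolated network, as the post notes. The script below is an added example and not part of the original post: it reads the output of `puppet cert list` and signs only those requests whose fingerprint matches one recorded out of band (for instance from `puppet agent --fingerprint` run on the agent before it sends its request). The pending list and the expected-fingerprint file are constructed inline; the node7 and node11 fingerprints are copied from the output above, while `rogue.achudk.com` and node11's recorded value are invented to show a request without a record and a mismatch.

```shell
#!/bin/sh
# Added example (not code from the original post): sign only those pending requests whose
# fingerprint matches one recorded out of band, instead of "puppet cert sign --all".

# pending_requests LIST_FILE
# LIST_FILE holds the output of "puppet cert list" (with or without --all). Prints
# "<certname> <fingerprint>" for every unsigned request; signed (+) and revoked (-) lines are skipped.
pending_requests() {
    awk 'NF >= 3 && $1 != "+" && $1 != "-" && $2 == "(SHA256)" {
             name = $1; gsub(/"/, "", name); print name, $3
         }' "$1"
}

# verified_requests LIST_FILE EXPECTED_FILE
# EXPECTED_FILE holds "<certname> <fingerprint>" lines collected from each agent before it
# sent its request (for example from "puppet agent --fingerprint"). Prints the certnames that
# are safe to sign; everything else is reported on stderr and left unsigned.
verified_requests() {
    pending_requests "$1" | while read -r name fp; do
        expected=$(awk -v n="$name" '$1 == n { print $2 }' "$2")
        if [ -z "$expected" ]; then
            echo "no recorded fingerprint for $name; leaving request unsigned" >&2
        elif [ "$expected" != "$fp" ]; then
            echo "FINGERPRINT MISMATCH for $name: request $fp, recorded $expected" >&2
        else
            echo "$name"
        fi
    done
}

# write_samples DIR: constructed input for the stand-alone demo. node7, node11 and node1
# fingerprints are copied from the lab's "puppet cert list --all" output; the rogue host and
# node11's recorded value (first byte changed) are invented.
write_samples() {
    cat > "$1/pending.txt" <<'EOF'
  "node7.achudk.com"  (SHA256) 11:DB:AA:5A:CD:E4:A3:A2:F3:47:3D:78:61:2A:B8:FB:E5:6C:17:5F:D6:78:2D:FB:0C:99:13:09:F0:38:15:EC
  "node11.achudk.com" (SHA256) 7F:E0:E7:2A:E3:2B:CA:8B:C0:F5:BA:D7:18:B9:8C:3A:F2:EB:AE:AB:E7:D6:9D:4B:D8:01:B0:B7:74:99:14:1C
  "rogue.achudk.com"  (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
+ "node1.achudk.com"  (SHA256) C8:4D:B4:91:08:C0:F3:A5:EF:03:CC:0A:C5:7C:53:E7:CC:21:C3:72:2B:66:0F:E5:13:06:A5:85:25:E4:0B:C0
EOF
    cat > "$1/expected.txt" <<'EOF'
node7.achudk.com 11:DB:AA:5A:CD:E4:A3:A2:F3:47:3D:78:61:2A:B8:FB:E5:6C:17:5F:D6:78:2D:FB:0C:99:13:09:F0:38:15:EC
node11.achudk.com FF:E0:E7:2A:E3:2B:CA:8B:C0:F5:BA:D7:18:B9:8C:3A:F2:EB:AE:AB:E7:D6:9D:4B:D8:01:B0:B7:74:99:14:1C
EOF
}

if [ $# -eq 2 ]; then
    # real use on the Master:  puppet cert list > pending.txt; sh sign_verified.sh pending.txt expected.txt
    verified_requests "$1" "$2" | while read -r name; do
        puppet cert sign "$name"
    done
else
    tmp=$(mktemp -d)
    write_samples "$tmp"
    echo "safe to sign:"
    verified_requests "$tmp/pending.txt" "$tmp/expected.txt"
    rm -rf "$tmp"
fi
```

With the constructed samples only node7.achudk.com is printed as safe to sign; node11 is reported as a mismatch and the rogue host as unrecorded. Fingerprints are compared as exact strings, so record them in the same upper-case colon-separated form that `puppet cert list` prints.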

  5. Develop the modules needed for this lab

The modules for this lab are developed under /root/modules

    • chrony time-synchronisation module
mkdir -pv /root/modules/chrony/{manifests,files,templates,spec,lib,tests}
vim /root/modules/chrony/manifests/init.pp

class chrony {
    # install the package first, then manage the config file, then the service
    package{'chrony':
        ensure => latest,
    } ->

    file{'chrony.conf':
        path    =>  '/etc/chrony.conf',
        source  =>  'puppet:///modules/chrony/chrony.conf',
    } ~>

    # "~>" restarts chronyd whenever chrony.conf changes
    service{'chronyd':
        ensure  =>  running,
        enable  =>  true,
    }
}

vim /root/modules/chrony/files/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.16.0.1 iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Ignore stratum in source selection.
stratumweight 0

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Enable kernel RTC synchronization.
rtcsync

# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3

# Allow NTP client access from local network.
#allow 192.168/16

# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1

# Serve time even if not synchronized to any NTP server.
#local stratum 10

keyfile /etc/chrony.keys

# Specify the key used as password for chronyc.
commandkey 1

# Generate command key if missing.
generatecommandkey

# Disable logging of client accesses.
noclientlog

# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5

logdir /var/log/chrony
#log measurements statistics tracking
    • nginx module example
mkdir -pv /root/modules/nginx/{manifests,files,templates,spec,lib,tests}
vim /root/modules/nginx/manifests/init.pp

class nginx {
    package{'nginx':
        ensure  =>  latest,
    } ->

    service{'nginx':
        ensure  =>  running,
        enable  =>  true,
    }
}
vim /root/modules/nginx/manifests/ngx_proxy.pp

# reverse-proxy role: adds the upstream configuration on top of the base nginx class
class nginx::ngx_proxy inherits nginx {
    file{'nginx.conf':
        path    =>  '/etc/nginx/conf.d/ngx_proxy.conf',
        source  =>  'puppet:///modules/nginx/ngx_proxy.conf',
        owner   =>  'nginx',
        group   =>  'nginx',
        mode    =>  '0644',
    }

    # the config file is deployed after the package and nginx is reloaded when it changes
    Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}
vim /root/modules/nginx/files/ngx_proxy.conf
upstream tomcatsrvs {
    server node11.achudk.com:8080;
    server node12.achudk.com:8080;
}
server {
    listen       80;
    server_name  node1.achudk.com;

    location / {
        proxy_pass http://tomcatsrvs;
    }
}
    • jdk8 module example
mkdir -pv /root/modules/jdk8/{manifests,files,templates,spec,lib,tests}
vim /root/modules/jdk8/manifests/init.pp
class jdk8 {
    package{'jdk8':
        name    =>  'java-1.8.0-openjdk-devel',
        ensure  =>  installed,
    } ->

    # profile snippet that exports JAVA_HOME for every login shell
    file{'java.sh':
        path    =>  '/etc/profile.d/java.sh',
        source  =>  'puppet:///modules/jdk8/java.sh',
        ensure  =>  file,
    }
}
vim /root/modules/jdk8/files/java.sh
export JAVA_HOME=/usr
    • tomcat module example
mkdir -pv /root/modules/tomcat/{manifests,files,templates,spec,lib,tests}
vim /root/modules/tomcat/manifests/init.pp
class tomcat {
    package{['tomcat','tomcat-webapps','tomcat-admin-webapps','tomcat-docs-webapp']:
        ensure  =>  installed,
    }

    file{'server.xml':
        path    =>  '/etc/tomcat/server.xml',
        content =>  template('tomcat/server.xml.erb'),
        require =>  Package[['tomcat','tomcat-webapps','tomcat-admin-webapps','tomcat-docs-webapp']],
    }

    file{'tomcat-users.xml':
        source  =>  'puppet:///modules/tomcat/tomcat-users.xml',
        path    =>  '/etc/tomcat/tomcat-users.xml',
        require =>  File['server.xml'],
    }
    # create the skeleton of the test web application; "creates" keeps the exec idempotent
    exec{'createtest':
        command =>  'mkdir -pv /usr/share/tomcat/webapps/test/{WEB-INF,META-INF,lib,classes}',
        path    =>  '/bin:/sbin:/usr/bin:/usr/sbin',
        creates =>  '/usr/share/tomcat/webapps/test/WEB-INF',
#       owner   =>  'tomcat',
#       group   =>  'tomcat',
        require =>  File['tomcat-users.xml'],
    }

    service{'tomcat':
        ensure  =>  running,
        enable  =>  true,
        restart =>  'systemctl stop tomcat && echo "Please wait seconds" && sleep 2 && systemctl start tomcat',
        subscribe   =>  Exec['createtest'],
    }
}
vim /root/modules/tomcat/manifests/aindex.pp
class tomcat::aindex inherits tomcat {
    file{'aindex.jsp':
        source  =>  'puppet:///modules/tomcat/aindex.jsp',
        path    =>  '/usr/share/tomcat/webapps/test/index.jsp',
        owner   =>  'tomcat',
        group   =>  'tomcat',
        mode    =>  '0644',
    }

    Exec['createtest'] -> File['aindex.jsp']
}
vim /root/modules/tomcat/manifests/bindex.pp
class tomcat::bindex inherits tomcat {
    file{'bindex.jsp':
        source  =>  'puppet:///modules/tomcat/bindex.jsp',
        path    =>  '/usr/share/tomcat/webapps/test/index.jsp',
        owner   =>  'tomcat',
        group   =>  'tomcat',
        mode    =>  '0644',
    }

    Exec['createtest'] -> File['bindex.jsp']
}
vim /root/modules/tomcat/templates/server.xml.erb
#add the following entry inside the <Host> section
<Context path="/test" docBase="test" reloadable="true"/>
vim /root/modules/tomcat/files/tomcat-users.xml
#add the following entries (replace the sample password before exposing the manager application)
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui,admin-gui"/>
vim /root/modules/tomcat/files/aindex.jsp
<html>
    <head><title>Tomcat_A</title></head>
        <body>
        <h1><font color="red">TomcatA.achudk.com</font></h1>
            <table align="center" border="1">
                <tr>
                <td>Session ID</td>
                <% session.setAttribute("achudk.com","achudk.com"); %>
                <td><%= session.getId() %></td>
                </tr>
                <tr>
                <td>Created on</td>
                <td><%= session.getCreationTime() %></td>
                </tr>
            </table>
        </body>
</html>
vim /root/modules/tomcat/files/bindex.jsp
<html>
    <head><title>Tomcat_B</title></head>
        <body>
        <h1><font color="green">TomcatB.achudk.com</font></h1>
            <table align="center" border="1">
                <tr>
                <td>Session ID</td>
                <% session.setAttribute("achudk.com","achudk.com"); %>
                <td><%= session.getId() %></td>
                </tr>
                <tr>
                <td>Created on</td>
                <td><%= session.getCreationTime() %></td>
                </tr>
            </table>
        </body>
</html>
    • memcached module example
mkdir -pv /root/modules/memcached/{manifests,files,templates,spec,lib,tests}
vim /root/modules/memcached/manifests/init.pp
class memcached {
    package{'memcached':
        ensure  =>  installed,
    }

    # the memcached-session-manager jars are deployed one after another into Tomcat's library path
    file{'javolution-5.4.3.1.jar':
        path    =>  '/usr/share/java/tomcat/javolution-5.4.3.1.jar',
        source  =>  'puppet:///modules/memcached/javolution-5.4.3.1.jar',
        require =>  Package['memcached'],
    }
    file{'memcached-session-manager-1.8.3.jar':
        path    =>  '/usr/share/java/tomcat/memcached-session-manager-1.8.3.jar',
        source  =>  'puppet:///modules/memcached/memcached-session-manager-1.8.3.jar',
        require =>  File['javolution-5.4.3.1.jar'],
    }
    file{'memcached-session-manager-tc7-1.8.3.jar':
        path    =>  '/usr/share/java/tomcat/memcached-session-manager-tc7-1.8.3.jar',
        source  =>  'puppet:///modules/memcached/memcached-session-manager-tc7-1.8.3.jar',
        require =>  File['memcached-session-manager-1.8.3.jar'],
    }
    file{'msm-javolution-serializer-1.8.3.jar':
        path    =>  '/usr/share/java/tomcat/msm-javolution-serializer-1.8.3.jar',
        source  =>  'puppet:///modules/memcached/msm-javolution-serializer-1.8.3.jar',
        require =>  File['memcached-session-manager-tc7-1.8.3.jar'],
    }
    file{'spymemcached-2.11.1.jar':
        path    =>  '/usr/share/java/tomcat/spymemcached-2.11.1.jar',
        source  =>  'puppet:///modules/memcached/spymemcached-2.11.1.jar',
        require =>  File['msm-javolution-serializer-1.8.3.jar'],
    }
    # refreshonly: run only when the last jar is (re)deployed; without it Tomcat would be restarted on every agent run
    exec{'service':
        command =>  'systemctl start memcached && systemctl enable memcached && systemctl restart tomcat',
        path    =>  '/bin:/sbin:/usr/bin:/usr/sbin',
        refreshonly =>  true,
        subscribe   =>  File['spymemcached-2.11.1.jar'],
    }
}
vim /root/modules/memcached/templates/server.xml.erb
#add the following inside the <Host> section; the <Manager> element must be a child of <Context>
#(note: the tomcat class renders template('tomcat/server.xml.erb'), so this entry has to be present in the template that is actually rendered)
<Context path="/test" docBase="test" reloadable="true">
    <Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
                memcachedNodes="n1:<%= 'node11.achudk.com' %>:11211,n2:<%= 'node12.achudk.com' %>:11211"
                failoverNodes="n1"
                requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
                transcoderFactoryClass="de.javakaffee.web.msm.serializer.javolution.JavolutionTranscoderFactory"
    />
</Context>
#move the following .jar files into the module's files directory
mv /root/{javolution-5.4.3.1.jar,memcached-session-manager-1.8.3.jar,memcached-session-manager-tc7-1.8.3.jar,msm-javolution-serializer-1.8.3.jar,spymemcached-2.11.1.jar} /root/modules/memcached/files/
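Every `source => 'puppet:///modules/...'` and `template('...')` reference in the modules above must resolve to a file in the module tree, and a mismatch (for example a file saved as tomcat-user.xml while the manifest asks for tomcat-users.xml) only surfaces when an agent fails its run. The script below is an added example, not part of the original post: it walks a modules directory, resolves every such reference and reports the missing ones. The sample module tree it checks is constructed inline and deliberately reproduces that file-name mismatch.

```shell
#!/bin/sh
# Added example (not code from the original post): before moving a module tree into the
# production environment, verify that every puppet:///modules/<mod>/<file> source and every
# template('<mod>/<file>') used in the manifests actually exists in the tree.

# check_module_sources MODULES_DIR
# Prints one line per missing file; returns 0 when everything resolves, 1 otherwise.
check_module_sources() {
    dir="$1"
    missing=0

    # puppet:///modules/<mod>/<path>  must exist as  <dir>/<mod>/files/<path>
    for ref in $(grep -rhoE --include='*.pp' "puppet:///modules/[^'\"]+" "$dir" || true); do
        rel=${ref#puppet:///modules/}
        mod=${rel%%/*}
        f=${rel#*/}
        if [ ! -e "$dir/$mod/files/$f" ]; then
            echo "missing file source: $ref (expected $dir/$mod/files/$f)"
            missing=1
        fi
    done

    # template('<mod>/<path>')  must exist as  <dir>/<mod>/templates/<path>
    for ref in $(grep -rhoE --include='*.pp' "template\('[^']+'\)" "$dir" | sed "s/^template('\(.*\)')$/\1/" || true); do
        mod=${ref%%/*}
        f=${ref#*/}
        if [ ! -e "$dir/$mod/templates/$f" ]; then
            echo "missing template: $ref (expected $dir/$mod/templates/$f)"
            missing=1
        fi
    done
    return $missing
}

# write_sample_tree DIR: constructed module tree modelled on the post's tomcat module,
# including the mismatch between files/tomcat-user.xml and the 'tomcat-users.xml' source.
write_sample_tree() {
    base="$1/tomcat"
    mkdir -p "$base/manifests" "$base/files" "$base/templates"
    cat > "$base/manifests/init.pp" <<'EOF'
class tomcat {
    file{'server.xml':
        path    => '/etc/tomcat/server.xml',
        content => template('tomcat/server.xml.erb'),
    }
    file{'tomcat-users.xml':
        path    => '/etc/tomcat/tomcat-users.xml',
        source  => 'puppet:///modules/tomcat/tomcat-users.xml',
    }
}
EOF
    : > "$base/templates/server.xml.erb"
    : > "$base/files/tomcat-user.xml"      # wrong name, as in the post
}

if [ $# -eq 1 ]; then
    check_module_sources "$1"             # real use: check_module_sources /root/modules
else
    tmp=$(mktemp -d)
    write_sample_tree "$tmp"
    check_module_sources "$tmp" || echo "module tree has unresolved sources"
    rm -rf "$tmp"
fi
```

Run it as `sh check_modules.sh /root/modules` before step 7; a non-zero exit means at least one reference is unresolved. It complements `puppet parser validate`, which checks manifest syntax but not whether the referenced files exist. File sources given through variables or with a `puppet://server/` prefix are not resolved by this check.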
  6. Define the node manifest
vim /root/manifests/site.pp

# 'base' is a template node: chrony is applied to every host that inherits from it
node 'base' {
    include chrony
}

node 'node7.achudk.com' inherits 'base' {
    include nginx::ngx_proxy
}

node 'node11.achudk.com' inherits 'base' {
    include jdk8
    include tomcat::aindex
    include memcached
}

node 'node12.achudk.com' inherits 'base' {
    include jdk8
    include tomcat::bindex
    include memcached
}
  7. Place all modules and the node manifest under the production environment
mv /root/modules /etc/puppet/environments/production/modules
mv /root/manifests/site.pp /etc/puppet/environments/production/manifests/
  8. Start the puppet agent service on the Agent nodes
systemctl start puppetagent

The agent nodes then automatically synchronise all deployment content from the Master node

  9. If an agent node does not pick up the deployment content immediately, use the kick command to tell all Agents to synchronise the changed configuration
#run on the Master node
puppet kick -a